Gotham Security Daily Threat Alerts

June 16, Softpedia – (International) Microsoft OLE abused to embed malicious code in Office docs, similarly to macros. Security researchers discovered that a macro malware infection method was abusing Microsoft’s Object Linking and Embedding (OLE) system by tricking users into embedding a JavaScript or VBScript file that downloads an encrypted binary, bypassing network-based protections that identify malicious data formats. Once the scripts save the encrypted binary, the Vibrio or Donvibs trojan is installed, and the final payload, Cerber ransomware, can infect the victim’s system. Source

June 15, SecurityWeek – (International) Flaw allowed hackers to steal emails from Verizon users. A security researcher discovered several vulnerabilities in Verizon’s Webmail portal that could be exploited by hackers who possess a Verizon email account. By substituting the victim’s userID for the userID value in their own request, they could forward all of the victim’s emails to an arbitrary email address. Victims would be unaware of the email forwarding because the transactions are not shown in the Verizon inbox. Source

June 15, Help Net Security – (International) 70,000 hacked servers for sale on xDedic underground market. Security researchers from Kaspersky Lab investigated the xDedic marketplace, a global forum where cybercriminals can buy and sell access to compromised servers, and found that 70,624 hacked remote desktop protocol (RDP) servers used to host or provide access to popular consumer Web sites were for sale. The illegal data can be used to target government entities, corporations, and universities without the institutions’ knowledge. Source

June 15, SecurityWeek – (International) Schneider patches severe flaw in video management system. Schneider Electric released version 7.13.84 for its Pelco Digital Sentry (DS) product after the company found the tool contained hardcoded credentials that could be leveraged by an attacker to elevate their privileges and gain access to sensitive information or execute arbitrary code on the affected system. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report